KABUL (Agencies): A sophisticated cyber espionage campaign targeting Microsoft’s SharePoint server software has compromised approximately 100 organisations worldwide, cybersecurity experts revealed on Monday.
The large-scale intrusion exploits a previously unknown vulnerability — known as a “zero-day” exploit — enabling attackers to infiltrate self-hosted SharePoint servers and potentially install backdoors for long-term access. Cloud-hosted SharePoint services remain unaffected.
The breach was initially discovered by Eye Security, a Netherlands-based cybersecurity firm, which identified unusual activity in one of its clients’ systems on Friday. A subsequent internet scan conducted in collaboration with the Shadowserver Foundation revealed nearly 100 compromised organisations — even before the exploit details became publicly known.
“It’s unambiguous,” said Vaisha Bernard, Chief Hacker at Eye Security. “Who knows what other adversaries have done since to place other backdoors.”
While Bernard declined to name the affected entities, he confirmed that national cybersecurity authorities had been notified. Shadowserver confirmed the estimate, adding that most victims were located in the United States and Germany, including government agencies.
A researcher from Sophos, a UK-based cybersecurity firm, noted the operation currently appears to be the work of a single threat actor or hacking group, though that could change rapidly.
“The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,” said Daniel Card of British consultancy PwnDefend. “Taking an assumed-breach approach is wise. Simply applying the patch is not enough.”
Potentially Thousands at Risk
Data from Shodan, a search engine for internet-connected devices, suggests more than 8,000 vulnerable servers could theoretically have been targeted. These include servers belonging to major industrial firms, financial institutions, healthcare providers, auditors, and multiple government agencies, including U.S. state-level entities.
On Saturday, Microsoft issued a security advisory warning of “active attacks” and urged users to install the released security updates. A Microsoft spokesperson reiterated that customers are strongly encouraged to apply the patches.
The FBI confirmed it is aware of the breaches and is coordinating with public and private sector partners. Similarly, the UK’s National Cyber Security Centre acknowledged “a limited number” of targets within the United Kingdom.
Despite the potential scale of the breach, Microsoft’s stock remained steady, gaining 0.06% as of 3:00 PM (New York time), and rising over 1.5% in the past five days of trading.
Support Dawat Media Center
If there were ever a time to join us, it is now. Every contribution, however big or small, powers our journalism and sustains our future. Support the Dawat Media Center from as little as $/€10 – it only takes a minute. If you can, please consider supporting us with a regular amount each month. Thank you
DNB Bank AC # 0530 2294668
Account for international payments: NO15 0530 2294 668
Vipps: #557320
Support Dawat Media Center
If there were ever a time to join us, it is now. Every contribution, however big or small, powers our journalism and sustains our future. Support the Dawat Media Center from as little as $/€10 – it only takes a minute. If you can, please consider supporting us with a regular amount each month. Thank you
DNB Bank AC # 0530 2294668
Account for international payments: NO15 0530 2294 668
Vipps: #557320
Comments are closed.